3fbcac5391d983796b876abda2fbcdaaab43eb1c164cec04e5f8acd92d21ac38

Sharing

Copy URL Twitter E-mail

General

Target

3fbcac5391d983796b876abda2fbcdaaab43eb1c164cec04e5f8acd92d21ac38
Size

547KB
MD5

126495a4ad51b4ce6ae62cebad063aa6
SHA1

e920b98567d5f3f37c860e7eb0794b5f27d4961a
SHA256

3fbcac5391d983796b876abda2fbcdaaab43eb1c164cec04e5f8acd92d21ac38
SHA512

e385edcb1ae6b3688e0e544228b6eb3b1ca1b38b3d880901ab6c292e5afbee8d62fbd2efef7d991251b54701c32bedf2d4024ec10757684bfa0194d0deeb4da7
SSDEEP

12288:o7AOwloQGVa2u2HH+Jrd6sudo/N2/hSMXliphqSf1d:oQ0a2FG6s6GN2/hSMXlIhHj

Score

1^/10

Malware Config

Signatures

Files

3fbcac5391d983796b876abda2fbcdaaab43eb1c164cec04e5f8acd92d21ac38
.dll windows x64

ba4ee09f5f7f3b902ab2db83024a4fea

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetCommandLineW
MultiByteToWideChar
GetCurrentThread
SetLastError
TerminateProcess
ResumeThread
GetLastError
CloseHandle
ExitProcess
VirtualProtect
VirtualFree
GetCurrentProcess
VirtualAlloc
GetCurrentThreadId
SuspendThread
GetThreadContext
FlushInstructionCache
SetThreadContext
VirtualQuery
WriteFile
UnmapViewOfFile
GetProcAddress
GetModuleHandleW
FreeLibrary
LoadLibraryExW
WriteConsoleW
CreateFileW
GetConsoleMode
GetConsoleCP
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
EncodePointer
DecodePointer
GetStringTypeW
GetCPInfo
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwindEx
RtlPcToFileHeader
RaiseException
InterlockedFlushSList
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleExW
GetModuleFileNameW
HeapAlloc
HeapFree
GetStdHandle
GetFileType
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
HeapReAlloc
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
SetFilePointerEx
SetStdHandle
HeapSize
FlushFileBuffers

shell32

CommandLineToArgvW

ws2_32

InetPtonW
GetAddrInfoExW

Exports

Exports

MpClientUtilExportFunctions
MpConfigClose
MpConfigGetValueAlloc
MpConfigInitialize
MpConfigOpen
MpConfigUninitialize
MpFreeMemory
MpHandleClose
MpManagerOpen
MpNotificationRegister
MpUtilsExportFunctions

Sections

.text
Size: 292KB - Virtual size: 292KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 203KB - Virtual size: 202KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourc
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourd
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ba4ee09f5f7f3b902ab2db83024a4fea

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

shell32

ws2_32

Exports

Exports

Sections

.text Size: 292KB - Virtual size: 292KB

.rdata Size: 203KB - Virtual size: 202KB

.data Size: 4KB - Virtual size: 9KB

.pdata Size: 13KB - Virtual size: 12KB

_RDATA Size: 512B - Virtual size: 244B

.detourc Size: 26KB - Virtual size: 25KB

.detourd Size: 512B - Virtual size: 64B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 5KB - Virtual size: 5KB

.text
Size: 292KB - Virtual size: 292KB

.rdata
Size: 203KB - Virtual size: 202KB

.data
Size: 4KB - Virtual size: 9KB

.pdata
Size: 13KB - Virtual size: 12KB

_RDATA
Size: 512B - Virtual size: 244B

.detourc
Size: 26KB - Virtual size: 25KB

.detourd
Size: 512B - Virtual size: 64B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 5KB - Virtual size: 5KB